
We have a proxy server (Mandrake 10.0) connecting about 1200 Windows clients. Some virus has spread in the network and is flooding the proxy server on port 53 and port 25. The firewall is dropping these packets, which I can see in Shorewall's log.

The proxy server does not hang, but it's the switches in the network which hang, and the switches have to be restarted...

Sometimes we also get an error: "Neighbour Table Overflow..."

Please tell us what the solution can be. How can the traffic requests be stopped, which may prevent the switches from hanging?

If you know which PCs are infected, I would remove them from the network and clean them and make sure all anti-virus software is up to date.

If you do not know which ones are infected, unplug your network's Internet connection. Then unplug all the PCs and scan each one for viruses. Clean the ones that are infected, then make sure all the PCs' anti-virus software is up to date.

If you are an ISP, I am not sure if this is legal. But I would cut the connection to all the infected PCs. Then contact the customers and explain the problem. There is free anti-virus software out there. I would suggest that they use one.

We have been doing the same thing. But the problem is that the network has 1200 nodes, and scanning each of them will take a lot of time.
And single nodes cannot be disconnected; we need to disconnect a group of around 100 nodes at a time, even if only 1 of them is infected...

Can't something be done at the proxy server's end... some configuration change in the firewall or somewhere else?

What I was thinking was that maybe we can block some networks.
We have the whole network divided into small networks, so we can block networks, and by analysing the logs we can identify which network is causing the problem and cut off that whole network until the infected network is scanned.

I do not have any experience with managed switches. But, I believe SNMP allows you to diagnose and control the traffic going through them. You should be able to find which machines are causing the traffic and isolate them.

When the Code Red virus came out, our company was one of the first ones to get infected. We have 500+ nodes on the LAN. We pulled the plug and checked each machine before we hooked the Internet back up.
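
The log analysis proposed in the thread (finding which hosts and which small networks produce the dropped port 25 and port 53 traffic) can be scripted against the firewall log. The following is an added example, not code from any poster; it assumes Shorewall's default `Shorewall:<chain>:<disposition>:` log prefix, /24 subnets and a hit threshold of 3, and the zone name, interface and addresses in the sample lines are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample data: netfilter LOG lines with Shorewall's
# "Shorewall:<chain>:<disposition>:" prefix. The zone name "loc2fw", the
# interface and all addresses are made up for this example.
_TMPL = ("Jun 12 10:15:01 proxy kernel: Shorewall:loc2fw:{verdict}:IN=eth1 OUT= "
         "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST=192.168.1.1 "
         "LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=4711 PROTO={proto} SPT=1045 DPT={dpt}")
SAMPLE_LOG = [_TMPL.format(verdict=v, src=s, proto=p, dpt=d) for v, s, p, d in [
    ("DROP", "192.168.3.45", "TCP", 25), ("DROP", "192.168.3.45", "TCP", 25),
    ("DROP", "192.168.3.45", "UDP", 53), ("DROP", "192.168.3.45", "TCP", 25),
    ("DROP", "192.168.3.77", "UDP", 53), ("DROP", "192.168.7.10", "TCP", 25),
    ("DROP", "192.168.7.11", "TCP", 80),    # other port: ignored
    ("REJECT", "192.168.7.12", "TCP", 25),  # not a DROP: ignored
]]

FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")
WATCHED_PORTS = {"25", "53"}  # the ports named in the thread


def parse_drops(lines, ports=WATCHED_PORTS):
    """Yield (source IP, destination port) for each dropped packet to a watched port."""
    for line in lines:
        if "Shorewall:" not in line or ":DROP:" not in line:
            continue
        fields = dict(FIELD.findall(line))  # ICMP lines carry no DPT and are skipped
        if "SRC" in fields and fields.get("DPT") in ports:
            yield fields["SRC"], fields["DPT"]


def top_talkers(lines, prefix_len=24, threshold=3):
    """Return (hosts at or above threshold, per-subnet totals), both sorted by count."""
    hosts, subnets = Counter(), Counter()
    for src, _dpt in parse_drops(lines):
        hosts[src] += 1
        # prefix_len is an assumption; set it to the real size of each small network
        subnets[str(ip_network(f"{src}/{prefix_len}", strict=False))] += 1
    noisy = [(h, n) for h, n in hosts.most_common() if n >= threshold]
    return noisy, subnets.most_common()


if __name__ == "__main__":
    noisy_hosts, per_subnet = top_talkers(SAMPLE_LOG)
    print("hosts to isolate first:", noisy_hosts)
    print("drops per subnet:", per_subnet)
```

On a live system, pass the open log file (for example the file Shorewall's kernel messages are written to) instead of `SAMPLE_LOG`; the per-host list narrows a 100-node group down to the machines that need scanning first.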